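<?php
/*
 * Endpoint with two modes, selected by the session:
 *
 *  - "ceo" session: takes `id` and prints the upload directory of the logged-in
 *    manager, or of the manager row `id` when `id` equals the logged-in
 *    manager's `leaderid`.
 *  - any other session: takes `name`, `managerid` and `ver`, marks the session
 *    as a user session, stores `ver` for that user and prints
 *    "<upload dir>;;<modexml>;;<playlistxml>".
 *
 * All request values are bound as statement parameters instead of being
 * concatenated into the SQL text. Table names still come from DB_MANAGER_TAB
 * and SetDB_USER_TAB(), because identifiers cannot be bound.
 * mysqli_stmt_get_result() is used below, which needs the mysqlnd driver.
 */
session_start();
include "../connectsql.php";

// Returns a required request parameter, or ends the request with $failMessage
// when it is missing, empty, or not a plain string (e.g. `id[]=x`).
$requireParam = function ($key, $failMessage) {
	if (!isset($_REQUEST[$key]) || !is_string($_REQUEST[$key]) || $_REQUEST[$key] === "") {
		die ($failMessage);
	}
	return $_REQUEST[$key];
};

// Runs a single-parameter SELECT as a prepared statement and returns the first
// row as an associative array, or null when nothing matched.
$fetchFirstRow = function ($sql, $value) use ($link) {
	$stmt = mysqli_prepare($link, $sql) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
	mysqli_stmt_bind_param($stmt, "s", $value);
	mysqli_stmt_execute($stmt) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
	$result = mysqli_stmt_get_result($stmt) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_FIND);
	$row = mysqli_fetch_assoc($result);
	mysqli_stmt_close($stmt);
	return $row;
};

if (isset($_SESSION["ceo"]) && $_SESSION["ceo"] == true) {
	$id = $requireParam("id", ECHO_NO_ID);
	$manager = $_SESSION["manager"];

	$row = $fetchFirstRow("select * from ".DB_MANAGER_TAB." where `managername` = ?", $manager);
	if (!$row) {
		die (ECHO_ERROR);
	}
	$power = $row["powertype"];
	$leaderid = $row["leaderid"];
	if ($power == 65535 && $leaderid == 0) {
		// powertype 65535 with no leader: keep the logged-in manager's own directory.
	} else if ($power != 65535 && (string) $leaderid == $id) {
		// Prepared statements can return integer columns as ints, so leaderid is
		// cast back to a string to keep the original string-to-string comparison.
		$row = $fetchFirstRow("select * from ".DB_MANAGER_TAB." where `id` = ?", $id);
		if (!$row) {
			die (ECHO_ERROR);
		}
		$manager = $row["managername"];
	} else {
		die (ECHO_NO_ID);
	}
	// NOTE(review): the directory name is an MD5 over the manager name and DB_PWD,
	// so a value handed to clients is derived from a database credential. Consider
	// a random per-manager token, or an HMAC with a key used for nothing else.
	$path = "upload/".md5($manager.DB_PWD.$manager)."/";
	echo $path;
} else {
	// Validate that the username is not empty.
	$username = $requireParam("name", ECHO_NO_INPUTNAME);

	// Validate that the manager id is not empty; it is not yet clear what this is for.
	$managerid = $requireParam("managerid", ECHO_NO_ID);

	$row = $fetchFirstRow("select * from ".DB_MANAGER_TAB." where `id` = ?", $managerid);
	if (!$row) {
		die (ECHO_NO_ID);
	}
	$manager = $row["managername"];

	// NOTE(review): the session is marked as a user session from `name` and
	// `managerid` alone, with no credential checked in this file, and before the
	// username is confirmed to exist below. Confirm that authentication is
	// enforced elsewhere, or move these assignments after the user lookup.
	$_SESSION["user"] = true;
	$_SESSION["username"] = $username;
	$_SESSION["managername"] = $manager;

	$ver = $requireParam("ver", ECHO_ERROR);
	// The table name is built from a value read from the manager table, not from
	// the request; only the column values are bound.
	$stmt = mysqli_prepare($link, "update ".SetDB_USER_TAB($manager)." set `ver` = ? where `username` = ?") or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
	mysqli_stmt_bind_param($stmt, "ss", $ver, $username);
	mysqli_stmt_execute($stmt) or die (ECHO_MYSQL_ERROR_QUERY_TABLE_TO_CHANGE);
	mysqli_stmt_close($stmt);

	$row = $fetchFirstRow("select * from ".SetDB_USER_TAB($manager)." where `username` = ?", $username);
	if (!$row) {
		die (ECHO_NO_INPUTNAME);
	}
	$mode = $row["modexml"];
	$playlist = $row["playlistxml"];
	$path = "upload/".md5($manager.DB_PWD.$manager)."/;;".$mode.";;".$playlist;
	echo $path;
}
mysqli_close($link);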
?>
